First thing I see: do NOT ignore the composer.lock file, it's bad practice. For the explanation on this, I will refer you to a talk by Jordi Boggiano (creator of composer) on the subject - he can explain it much better than I can.

Here is a sample of the gitignore file I use on my projects. I won't claim that it's perfect, but it will get you started.

@ruhul: the vendor folder contains all project dependencies, these are installed using "composer install" on a fresh project. No need to upload them to git since their version management is not within your project.

On the other hand, if you gitignore the vendor folder, you won't be able to use Git for deployment (push to your server to update your website) because you will have to install and run composer on your server, which might not be optimal, or even allowed on some hosting servers.

Plus, if some repository suddenly goes away from the Internet or is modified or corrupted (it happens) then you won't be able to run your project anymore.

@tobia I understand what you're saying but i would strongly recommend you do not use git for deployments. Git is a versioning tool and not a deploy tool.
There are a lot of tools which are better suited for deployment. I myself use Ansible for server provisioning and environment deploys.

Git should be used for what it is build for.. versioning. And you do not want to version 3rd party packages (aka vendor folder) or anything else that is useless to version (like compiled files etc...)

I am seeing a lot of comments directing 'good idea' at using git for deployment, and checking in binaries and vendors... No one can stop you, but this is bad practice and will catch up with you, if not in the project, somewhere else. Really listen to advice for a bit.